I personally stick to iptables. nftables does not seem to be an improvement at all. iptables is terse but logical.
replyI’ll pick nftables over iptables any day, it’s leagues better (granted, it’s not hard). The nftables wiki is great, as the syntax and modules are documented in a single easy to read page.
replyAs an added bonus, you get atomic updates of all chains for free.
Granted, for simple usecases, ufw or firewalld may be simpler though.
Definitely an upgrade over iptables. I kinda miss ipchains though.
replyYou can still use the iptables interface for nftables rules if you'd like, but I think you miss out on things like atomic application of rulesets, ranges, lists, and variables (not shell variables).
reply